package cn.itcast.web.shiro;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;

/*
    自定义md5hash加盐加密的密码匹配器
* */
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    /*
         token:包含了用户输入的 用户名和密码
         info：里面有数据存储的用户密码
    */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;

        String email = usernamePasswordToken.getUsername();
        char[] tokenPassword = usernamePasswordToken.getPassword();
        String password = new String(tokenPassword);

        //对用户输入的用户名和密码，md5加盐加密
        Md5Hash md5Hash = new Md5Hash(password, email);

        //获取存储在数据库中的密码
        String dbPassword = (String) info.getCredentials();

        //进行对比
        return dbPassword.equals(md5Hash.toString());
    }
}
